Exam 1: Introduction to Information Security

Match each item with a statement below. a.Accuracy f.Data users b.Authenticity g.Integrity c.Availability h.Utility d.Confidentiality i.Data custodians e.Data owners -Enables authorized users to access information without interference or obstruction, and to receive it in the required format.

Organizations must minimize ____ to match their risk appetite.

By balancing information security and access, a completely secure information system can be created.

Match each item with a statement below. a.Accuracy f.Data users b.Authenticity g.Integrity c.Availability h.Utility d.Confidentiality i.Data custodians e.Data owners -People responsible for the security and use of a particular set of information.

Match each item with a statement below. a.Accuracy f.Data users b.Authenticity g.Integrity c.Availability h.Utility d.Confidentiality i.Data custodians e.Data owners -End users who work with the information to perform their daily jobs supporting the mission of the organization, and who therefore share the responsibility for data security.

A(n) ____ is an application error that occurs when more data is sent to a buffer than it can handle.

An enterprise information security policy (EISP) is also known as a(n) ____.

Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency?

Define social engineering and briefly describe how it is accomplished.

When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable.

Implementing multiple types of technology and thereby preventing the failure of one system from compromising the security of information is referred to as ____________________.

____________________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages whose IP addresses indicate to the recipient that the messages are coming from a trusted host.

List the four important organizational functions an information security program performs.

Which term describes a subject or object's ability to use, manipulate, modify, or affect another subject or object?

Match each item with a statement below. a.Accuracy f.Data users b.Authenticity g.Integrity c.Availability h.Utility d.Confidentiality i.Data custodians e.Data owners -The protection of information from disclosure or exposure to unauthorized individuals or systems.

Match each item with a statement below. a.Accuracy f.Data users b.Authenticity g.Integrity c.Availability h.Utility d.Confidentiality i.Data custodians e.Data owners -A term meaning information remains whole, complete, and uncorrupted.

How does a distributed denial-of-service (DDoS) attack work and why are they so dangerous?

Match each item with a statement below. a.Accuracy f.Data users b.Authenticity g.Integrity c.Availability h.Utility d.Confidentiality i.Data custodians e.Data owners -A term referring to the quality or state of being genuine or original rather than a reproduction or fabrication.

The CIA triad is based on three characteristics of information that form the foundation for many security programs: ____.

Describe the purpose of the Security Area Working Group and RFC 2196.